添加两个数字 [英] addition of two numeric digits

问题描述

aoa ...我正在根据员工姓名更新我的记录...但是当我添加两个数值时，如（200.00 + 100.00）ans给出零...但是当我给出简单的值时（100 + 200）然后它给出正确的答案....我能为此做些什么??????数值的ans也将是正确的

aoa... i am updating my record on the basis of employee name... but when i am adding two numeric values like (200.00+100.00 ) ans is giving zero...but when i am giving simple values like (100+200) then it is giving correct answers.... what can i do for this?????? that ans of numeric values will also b correct

int val1, val2;
            int.TryParse(textBox3.Text, out val1);
            int.TryParse(textBox4.Text, out val2);
            int sum = val1 + val2;
            textBox5.Text = sum.ToString();






            if (textBox1.Text != "" && textBox2.Text != "")
            {
                SqlCommand sqlcmd = sqlconn.CreateCommand();
                sqlcmd.CommandText = " update payroll set  Gross_Salary='" + val1 + "',Bonus='" + val2 + "',total_salary='" + val3 + "',income_tax='" + val6 + "',eobi='" + val5 + "',advance='" + val4 + "',fine='" + val8 + "',others='" + val9 + "',net_salary='" + val7 + "' where emp_name='" + textBox1.Text + "' ";
                try
                {
                    sqlcmd.ExecuteNonQuery();
                    MessageBox.Show("REcord updated");
                }
                catch (SqlException err)
                {
                    MessageBox.Show(err.Message);
                }
            }
            else
            {
                MessageBox.Show("Enter record to update");
            }

推荐答案

代码的第3-4行有一个错误，使得读取其余代码无用。方法 TryParse 具有布尔结果类型;如果它们返回false， out 参数没有得到正确的结果，因为解析不成功。你抛弃这个结果，这样就忽略了解析不成功的情况。



还有其他问题。



不要使用，请使用 string.Empty 。并且存在一个非常关键的问题：使用从UI获取的字符串的串联来编写查询。重复连接很糟糕，因为字符串是不可变的;但是，更糟糕的是，这开辟了一个名为 SQL注入的众所周知的漏洞的可能性：

http://xkcd.com/327 [ ^ ]。< br $> b $ b

从来没有这样做过。请参阅： http://en.wikipedia.org/wiki/SQL_injection [ ^ ]。



使用此： http://msdn.microsoft.com/en-us/library/ff648339.aspx [<一个href =http://msdn.microsoft.com/en-us/library/ff648339.aspxtarget =_ blanktitle =New Window> ^ ]。



如需解释，请查看我过去的答案：

EROR IN com.ExecuteNonQuery（）; [ ^ ]，

嗨名字没有显示在名字中？ [ ^ ]。

-SA

The lines 3-4 of your code has a bug which makes reading the rest of the code useless. The methods TryParse has Boolean result type; if they return false, the out parameters does no get proper results, because parsing was unsuccessful. You are throwing out this result, this way, ignoring the case of unsuccessful parsing.

There are other problems.

Don't use "", use string.Empty. And there is a really critical problem: you compose a query using concatenation of strings taken from UI. Repeating concatenation is bad, because strings are immutable; but, much worse, this opens wide the possibility for the well-known exploit called SQL injection:
http://xkcd.com/327[^].

Never ever do it. Please see: http://en.wikipedia.org/wiki/SQL_injection[^].

Use this: http://msdn.microsoft.com/en-us/library/ff648339.aspx[^].

For explanations, please see my past answers:
EROR IN UPATE in com.ExecuteNonQuery();[^],
hi name is not displaying in name?[^].

—SA

使用Double.Parse代替Int

Use Double.Parse instead of Int

这篇关于添加两个数字的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！